diff --git a/pkg/render/nonclusterhost/nonclusterhost.go b/pkg/render/nonclusterhost/nonclusterhost.go
index 595ed4206d..a047a647fa 100644
--- a/pkg/render/nonclusterhost/nonclusterhost.go
+++ b/pkg/render/nonclusterhost/nonclusterhost.go
@@ -191,9 +191,9 @@ func (c *nonClusterHostComponent) clusterRole() *rbacv1.ClusterRole {
 			Verbs:     []string{"get", "list", "watch"},
 		},
 		{
-			// Allow post flow logs to linseed.
+			// Allow posting flow logs and policy activity logs to linseed.
 			APIGroups: []string{"linseed.tigera.io"},
-			Resources: []string{"flowlogs"},
+			Resources: []string{"flowlogs", "policyactivity"},
 			Verbs:     []string{"create"},
 		},
 	}...)
diff --git a/pkg/render/nonclusterhost/nonclusterhost_test.go b/pkg/render/nonclusterhost/nonclusterhost_test.go
index bef30a1ab3..1b74f8fdb9 100644
--- a/pkg/render/nonclusterhost/nonclusterhost_test.go
+++ b/pkg/render/nonclusterhost/nonclusterhost_test.go
@@ -148,7 +148,7 @@ var _ = Describe("NonClusterHost rendering tests", func() {
 			},
 			rbacv1.PolicyRule{
 				APIGroups: []string{"linseed.tigera.io"},
-				Resources: []string{"flowlogs"},
+				Resources: []string{"flowlogs", "policyactivity"},
 				Verbs:     []string{"create"},
 			},
 			rbacv1.PolicyRule{